[Swan] ike and esp notation

armin.vehr at mmlab.de
Thu Nov 12 13:19:36 UTC 2020


Hi List!

I was tasked to set up a site-to-site VPN to a supplier site and decided 
to use LibreSwan.

My platform is CentOS 8.2.2004, LibreSwan is version 3.29-7.

The remote peer operator sent me the following encryption details but I 
didn't find the corresponding IKE or ESP cipher/algorithm settings in the list 
of supported settings at

https://libreswan.org/wiki/FAQ > Which ciphers / algorithms does 
libreswan support?

I have to use:

Phase1
======
- Encryption Algorithm AES-256
- Hash SHA512
- Diffie-Hellman 14

Phase2
======
- ESP Encryption AES-256
- Hash SHA512
- Diffie-Hellman 14

I added the following parameters to my ipsec.conf and wonder if they are 
supported and if the notation is correct:

ike=aes256-sha512;dh14
esp=aes256-sha512;dh14

Can anybody confirm if they are correct?

Thank you very much!

Best regards
Armin
